A vulnerability classified as problematic has been found in WSO2 Identity Server and Carbon MagicLink Authenticator Module . The affected element is an unknown function of the component Magic Link/Pass Key . This manipulation causes incorrect authorization. The identification of this vulnerability is CVE-2025-10908 . It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.